Your interpretation is correct in that one of the consequences that follows that you're.... I mean, it's unlikely that if you're a director or officer of a corporation you would act with intent to break the law, which is what you have to do here. I'm sure your employer doesn't ask you to do that.

It's no different from any other law, all sorts of other laws, where you can go after the officer or the corporation or both. Normally we only go after the corporation, because the corporation will take the necessary disciplinary action to make sure that its individuals obey the law, but you have the option to go after both. I don't see that this will in any way discourage people from working in Canada or assuming responsibility.

I would also like to thank the representatives from the CRTC for appearing before us. My first question is for any one of you three.

You talked about cooperative agreements with the provinces, the G8 countries and organizations outside Canada. You also mentioned that there would be some exchanges between the Office of the Privacy Commissioner, the Competition Bureau and the CRTC. Will each of your organizations reach its own agreements with each province and country, or has any thought been given to something simpler, some type of cooperation or exchange? Your three organizations are covered by the same bill and will have to adopt protocols. What steps do you intend to take? Will you be coordinating your efforts or will the three organizations act independently?

First of all, the Competition Bureau, the Office of the Privacy Commissioner and the Canadian Radio-television and Telecommunications Commission are three federal agencies with confidentiality obligations. They cannot swap information unless permitted to do so by law. They are not compelled, but they may share information to facilitate things for another organization, consumers or complainants. We can work in collaboration when the opportunity arises.

Secondly, clause 60 of the bill under review states that we can swap information and even do research for other foreign organizations, providing that there is an international arrangement. This is a good thing, but it is complicated. I have been a competition commissioner, and I know that it takes a great deal of time to do this. We have to get other organizations and departments to participate, there are always political considerations, and so forth.

I have taken a look at what the Americans have done on this issue. They felt that it was essential to be able to swap information with another country and do research for a foreign organization that has authority and legislative provisions similar to theirs. We are suggesting this approach because it is quick. Most of the spam comes from the United States. It is absolutely crucial that, at the outset, Canada and the United States be able to cooperate and help each other out. It will take several years before an international arrangement can be negotiated and, meanwhile, we will not be able to do anything about these emails coming from the United States.

It is good to hear you say that you will be cooperating with institutions outside Canada, but I would like to ask you my question again. Will the information gathered by the Office of the Privacy Commissioner, the Competition Bureau or the CRTC be mutually accessible, so that there will be no duplication of effort? I am not sure whether there will be any real coordination.

As far as this bill is concerned, we have most of the responsibility. We are responsible for prosecutions in the case of an offence. If someone is sending spam, it may contain misleading advertising and the Competition Bureau would need this. Rather than start its own enquiry, the Bureau may inform us that it has received complaints about this individual. If the Bureau is aware of the fact that we are in the process of prosecuting the individual for sending spam, it can seek our permission to obtain the information we have in order to determine whether or not there are grounds for a charge of misleading advertising. That is one example.

In most cases, there will be separate and targeted legal proceedings for specific offences. Nevertheless, in cases where there are two aspects to the offence, we may share the information.

Is the CRTC responsible for coordination? Will there be some small organization that coordinates the three agencies? Indeed, even though three agencies are involved, someone may not be responsible for this. Has any thought been given to leadership or coordination between the three institutions?

No, this does not exist, and I do not believe that it will be necessary. Each of us has a specific task, which is quite different from the tasks of the other two. Should there be a divergence or an overlap...

Indeed, overlap. Most of the time, this is not the case. I believe that there are very few instances where the competition commissioner or the privacy commissioner will get involved in violations. We get involved in the vast majority of such cases.

I'm going to start with a look at clause 20, which talks about violations. Subclause 20(3) says:

The following factors must be taken into account when determining the amount of a penalty:

Then it goes through a list of the different things that have to be taken into account.

In the previous meeting, there was some concern raised by a couple of different witnesses about the amounts involved in the administrative monetary penalties--i.e., $1 million for individuals, $10 million for businesses. The concern was that there would be some minor violation of the act and a company would be subject to a fine of $10 million. For an individual, it would be $1 million for a minor violation.

As I read clause 20, though, it seems pretty clear that there are measures within the bill to ensure that this won't be the case. Maybe you could comment on the use of AMPs in this way.

First of all, it's “up to” $1 million or $10 million. It could be $10, $100, $1,000, or whatever is appropriate.

Secondly, we, like every enforcement agency, have a compliance compendium. You start off by educating people. You warn them, you try to get them to comply, you try to educate them. Then, if there is resistance or a wilful breach, you can fine them.

When you do fine them, you take into account the gravity of the action taken. Was it deliberate or was it unintentional? Was it repetitive? What was the cost damage? When you impose a fine, you take into account both aspects--the deterrence aspect, in that it should be a lesson to this person and others not to do it again, and also the effect it will have. You don't want to put somebody out of business. You just want to make sure they get a meaningful lesson and won't do it again.

Now, if it's somebody who is just deliberately, consistently, and wilfully breaching, etc., obviously you may go close to the maximum or to the maximum. It depends; you make an assessment of the circumstances.

Just following up on the Bloc's questions, I want to talk a little bit about the three agencies involved in the enforcement.

What is the justification behind having the three agencies enforce the proposed new law? Maybe you could elaborate a little bit more on the role for each. You say there's not going to be overlap, but how do we make sure that the three agencies cover off everything we want to cover off?

The act basically says it's an opt-in scheme. I may not send you an e-mail unless I have your consent, implicit or implied. That is a key provision, and it falls squarely into the realm of the competence of the CRTC. We enforce it. We decide whether or not there was consent. If there was no consent, we take remedial action.

The act also addresses two subsidiary offences. Not only could spam bother you with e-mails that you don't want, it could also send you misleading information that you act on to your detriment. To the extent that happens, the competition commissioner is specifically empowered to deal with the misleading advertising aspect of spam. As I say, I think they really could do it right now, because they have a ban on misleading advertising at any time, in any form. The act specifically means they can also do it for spam.

So is spam purely the jurisdiction of the CRTC? No, it's not. If you use spam for misleading advertising purposes, you also have to account for it to the competition commissioner.

It's the same thing if you use spam and address lists to somehow do something that violates the privacy provision of either the Privacy Act or PIPEDA. The Privacy Commissioner can come after you then.

You talked a little bit about international cooperation. What experience does the CRTC have in cooperating with communications authorities in other countries under the Telecommunications Act and the Broadcasting Act?

We have very good cooperation. We exchange views and information. But everybody is bound by the provisions of the statute and by the extent to which the statute allows you to exchange information or not.

I'm particularly concerned with the United States. For obvious reasons, it's the most important partner for us. My experience is that if you have legislation that basically mirrors the U.S. legislation, it works very well. They know it and understand it and so on. So if you ask that this be subject to international agreement, as set out here, you're going to wait an awfully long time. You're going to get the State Department and the justice and other agencies involved. It would be the same on our side as well. There would always be political overrides for particular situations.

Doing an international agreement is not so simple and straightforward, and here you want to have something quick. If there is spam that comes out of Utah, I want to be able to tell the FTC, “Listen, there's someone in Utah who systematically spams Canada. Get me the information so I can prosecute them.”

It's the same thing for them. If somebody in Manitoba spams into the States, I'll investigate. If I have the information, I want to have the ability to give it to them.

You've talked about the legislation that other countries have. How do the information- and evidence-sharing provisions in this bill compare with the legislation and similar measures in other countries--for example, Australia?

I know that the Australian legislation is largely a model for ours and has the same opt-in provisions, etc. I am not acquainted with the details of the information, but they don't have the problem we have: they don't live next door to the biggest economic power in the world with essentially an invisible border.

Obviously we're in an age when the digital world is becoming more and more important for us from the innovation side of things. As we move forward, business and personal communications will become the frontier. Well, they are the frontier, and will be even more so.

How important is this legislation in moving us forward in this digital age?